Update: After a weekend away I resorted to a factory reset last night and it's now back to normal.

Bit strange really as I never altered any of the settings when I set it up but anyway it seems to be OK.

I'll continue to monitor it but hopefully I don't need a new router

In reply to a post by RobertoS:

You are obsessed with modem hacking.

How this corruption occurs I do not know at the detailed level, but it is a fact it used to happen. Also see my next post in the thread, where the explanation may lie, and understandably so.

The thing is there is almost certainly no corruption of the firmware. The idea that nearby electrical activity could cause a flash cell to be changed is utterly preposterous and assumes the introduction of new Nobel prize winning physics.

What is more likely is a consumer grade router that has likely not had it's firmware upgraded which shows signs of unexplained slow downs after been on for a period of time is being repeatedly hacked. I would note this was the first clue that in one of my cases there was a hack going on. Router was fine at first, but after a varying amount of time (hours to days) the throughput became significantly lower than the sync speed.

Basically it is very difficult to change the flash firmware file on these routers with a hack as you have to upload an entirely new firmware file. You can't just change or add files in place. This is entirely unlike a standard computer.

On the other hand most routers go weeks if not months between reboots, so it is not worth the effort to make the hack be able to survive a reboot, just move on to a new router. Consequently most hacks on routers do not survive a reboot.

Note to actually determine if there is a problem you would need to get a command prompt on the router and for many routers this is not very easy anyway, unless you are into hacking it of course but that requires knowing the vulnerability in the first place.

In reply to a post by stevewhits:

Testing was plugged into test socket with Ethernet cables. I�m going to carry out a factory reset but if that doesn�t work it�s a new router. Bit of anecdotal evidence when searching that this isn�t an isolated issue with this router.

Or the router has firmware with a vulnerability, and is getting hacked and then upstream bandwidth being used for nefarious activities.

See this post.

Experience can often be more useful than a PhD in balderdash.

What do you mean by hacked? I am sure I asked this on another thread but got no answer. Why would a 'hacked' router slow down, and why do you think this is this common?

It's far, far, far more likely that slow downs are due to the amount of time the device has been turned on. You only have to look at the Superhubs 1 & 2 to see that if you didn't reboot them every couple of weeks many of them slowed to a crawl. Are we to assume this was hackers?

In tandem with the above, if the device has had lots of different devices connected it can slow down (or in the case of a few older Netgear routers we have for guest wifi at work) just stop completely and ignore any request, even a local one to the admin page - meaning someone going to the comms room to do a physical reset.

As per earlier post by jabuzzard "Consequently most hacks on routers do not survive a reboot."

So take his expert advise and just reboot. Will fix the issue.

Edited by broadband66 (Tue 23-Jul-19 17:43:22)

In reply to a post by jabuzzard:

In reply to a post by stevewhits:

Testing was plugged into test socket with Ethernet cables. I�m going to carry out a factory reset but if that doesn�t work it�s a new router. Bit of anecdotal evidence when searching that this isn�t an isolated issue with this router.

Or the router has firmware with a vulnerability, and is getting hacked and then upstream bandwidth being used for nefarious activities.

As unlikely a possibility as the firmware flash corruption you mocked.

It's simple really.
Asus are useless at making firmware.

It's recommended to reset to factory default configuration when the firmware is updated on Asus routers.
It's definitely good practice when they release a new branch, upgrading from 382.xx you 384.xx for example.

Any time such issues arise on Asus routers a factory reset/restoring default config usually fixes things.

If they are that bad at making firmware then the router will be an unsecure hunk of junk.

How are you determining the difference between a compromised router and other firmware issues? Especially given resetting things back to default will generally remove the compromise temporarily?

Do Asus routers have a documented compromise that can be corrected by a reset?
Has Asus not produced updated firmware to block the compromise?

If no to both of those, are you suggesting that there is an unknown hack going on with Asus routers?

In reply to a post by gary333:

What do you mean by hacked? I am sure I asked this on another thread but got no answer. Why would a 'hacked' router slow down, and why do you think this is this common?

A compromised router would appear to slow down because the upstream bandwidth is being used for nefarious activities. Might be as simple as a distributed denial of service on some target. It could be a hacker using the router to go after a high value target; if you want to hack the Pentagon first compromise someone else's router and go from there. Then the police come knocking on someone else's door. Alternatively they could just be using your router as a proxy for illegal content - anything form movie downloads to child pornography. Again the police are going to come knocking on someone else's door rather than theirs. If they wipe the logs of the router when they are finished it then becomes very very hard to trace. For extra safety string a few compromised routers together.

I think it is common because there are millions of devices out there not getting security updates. If you have not had a security update in a couple of years then it is almost certain there are vulnerabilities in your device.

There is a possibility that badly written software could over time consume more and more resources on the device. However if the manufacturer can't fix that then they are unlikely to be able to fix security vulnerabilities, and the device is junk anyway and you are best getting replacing it with something that does not need restarting every few days or more frequent.

In my personal experience that has not been the case however. The routers where being compromised repeatedly even though they where not on static IP addresses. I do accept that the vast majority of people would be unable to make this determination though as they would lack the skill set required.

Basically all you need to do is read through the CERT vulnerabilities list for the last few years, pick one and test it against the router model of your choice. Then head over to Shodan and do a quick search and start compromising devices

I would add that consumer grade routers tend to be a low priority for security researchers because few if any vendors offer bug bounties. Heck most of them won't even acknowledge there is a problem with their firmware let alone issue an update. That said from time to time you will see long lists of router models with vulnerabilities that never get addressed by the vendors.